The new Linux-based OS aims for security with usability

Subgraph OS is an “adversary resistant computing platform.” It’s similar to Tails in that it’s based on Debian Linux and all traffic is forced through Tor.

Subgraph OS is a relatively lightweight and is based on a foundation designed to be resistant to attacks against operating systems and the applications they run. The OS comes with the Tor Browser and Subgraph Mail, a new email client that has been written from scratch so that it’s both highly secure and usable.

It has a GUI, supports OpenPGP, has a built-in identity verification service, and runs in a managed runtime. It’s also architected in a way that prevents attackers who have compromised part of the app to access the encryption keys. Subgraph OS offers more than just kernel security. The Linux-based operating system comes with a slew of security and privacy features that its developers believe will be more accessible to non-technical users.

It has been in the works for the last two years, and it’s development has been partially funded by the Open Technology Fund.

The company has implemented attack mitigation features such as:

A kernel hardened with Grsecurity/PaX

Applications (browser, email client, PDF viewer, and IM client) running isolated in their own application container, with limited view of the host system and limited set of capabilities

Mandatory filesystem encryption

Features that enforce application network policies (Subgraph Metaproxy, which redirects outgoing connections to the Tor network based on a white-list of approved applications, and an application firewall)